Forums

Unfortunately no one can be told what FluxBB is - you have to see it for yourself.

You are not logged in.

#1 2016-06-16 12:50:21

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,409
Website

FluxBB 1.5.10 released

I am pleased to announce the eleventh release in the 1.5 cycle: v1.5.10 is here.

This release fixes a security vulnerability as well as several bugs, and also contains several small improvements.

The vulnerability, kindly disclosed by Kacper Szurek, allowed skilled attackers to inject malicious JavaScript into the page that is shown when administrators try to view information about a user's IP address.

In addition, this release contains some minor improvements in the area of CSS and usability, and fixes several smaller bugs. For more details, please view the full changelog.

Please update your forums as soon as possible.

We also recommend subscribing to the security mailing list in your site's user profile. That way, you will get notified of new security-relevant releases immediately.

As always, download packages can be found on our download page.
Changed files and patches are available on the upgrade page. Please remember to make a backup of your files as well as the database before upgrading your forum!

A big thank you to all contributors, and again a hat-tip to Kacper Szurek for the detailed and responsible disclosure of security information!

Last edited by Franz (2016-06-17 11:53:10)


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#2 2016-06-16 13:45:55

wimc
Member
Registered: 2010-10-31
Posts: 109

Re: FluxBB 1.5.10 released

Got it, easy and successful upgrade at that.

Made changes throughout the my forum, easily change it back with new version. Just made forum2 for 1.5.10 and added the config.php file over, ran db_update.php file. Way I did it, fine with it.

Offline

#3 2016-06-16 13:59:07

ehtime
Member
Registered: 2009-06-18
Posts: 137
Website

Re: FluxBB 1.5.10 released

Great!

Offline

#4 2016-06-16 15:43:25

walterfenley
Member
Registered: 2016-06-16
Posts: 5

Re: FluxBB 1.5.10 released

Hi there,
i am going to  use this forum software   for my upcoming forum but, i have some question if anyone can help, i will be very thankful to him.
1)I want to  Make user register and login only through twitter And only those users can post on the forum which are register through twitter.
2) if someone posts on the forum  that should  be automatically posted on the twitter page  of that person and if some one reply to that post on the forum  that  should also be  added to the twitter page of that person.
.Thread-starter can write a link like "google.com" and then the webpage screen frame of "google.com" will appear inside the thread.

Last edited by walterfenley (2016-06-16 22:48:22)

Offline

#5 2016-06-16 17:02:08

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,275
Website

Re: FluxBB 1.5.10 released

Are the tickets which contain the security vulnerabilities public? I can't see them in the changelog you linked to.


Download Panther - The dawn of a new age in forum software.
Why should I use Panther? | Panther demo | Convert to Panther

Offline

#6 2016-06-16 20:51:06

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,409
Website

Re: FluxBB 1.5.10 released

chris98 wrote:

Are the tickets which contain the security vulnerabilities public? I can't see them in the changelog you linked to.

Nope. The issue was reported by email.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#7 2016-06-17 07:56:05

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,275
Website

Re: FluxBB 1.5.10 released

Oh, ok.

I just tried to use the upgrade page to see which files had been upgraded, and when you select to upgrade from 1.5.9 to 1.5.10, it says that 1.5.9 is the latest version.


Download Panther - The dawn of a new age in forum software.
Why should I use Panther? | Panther demo | Convert to Panther

Offline

#8 2016-06-17 11:52:43

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,409
Website

Re: FluxBB 1.5.10 released

chris98 wrote:

I just tried to use the upgrade page to see which files had been upgraded, and when you select to upgrade from 1.5.9 to 1.5.10, it says that 1.5.9 is the latest version.

Oh, thanks for catching that, too. Turns out you shouldn't sort version numbers alphabetically when trying to determine the latest version. Not the first time this happened... wink

Works now.

---

For everyone:

I recommend subscribing to the security mailing list in your site's user profile. That way, you will get notified of new security-relevant releases immediately.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#9 2016-06-17 12:01:51

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,275
Website

Re: FluxBB 1.5.10 released

No problem, thanks for fixing it, looks like it's been a fairly good bug-fixing release. If I were to suggest one improvement though, it would be to have a dedicated page to unsubscribe which is linked to from the subscription email.

Once you're on the page, the token is filled into the form and you click the "unsubscribe" button. This is how phpBB handles it, anyway.

I did happen to notice one more problem though on the site, when viewing the changelog, 1.5.10 is down next to 1.5.1 - guess you also listed them alphabetically there too. wink


Download Panther - The dawn of a new age in forum software.
Why should I use Panther? | Panther demo | Convert to Panther

Offline

#10 2016-06-17 12:44:30

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,099

Re: FluxBB 1.5.10 released


My modification of FluxBB 1.5.10 - rev.75 * Parserus - BBCode parser
I speak only Russian  tongue

Offline

#11 2016-06-17 12:58:33

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,409
Website

Re: FluxBB 1.5.10 released

@Visman: No, it's a good change. Unfortunately, it had Windows line endings before, we fixed that now.

P.S.: If you want to see the changes without whitespace changes, use this link: https://github.com/fluxbb/fluxbb/compar … b3cb66db98

Last edited by Franz (2016-06-17 13:00:13)


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#12 2016-06-17 13:28:28

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,099

Re: FluxBB 1.5.10 released

Visman wrote:

empty change for login.php  tongue


My modification of FluxBB 1.5.10 - rev.75 * Parserus - BBCode parser
I speak only Russian  tongue

Offline

#13 2016-06-17 17:36:44

Blueeyez
Member
Registered: 2016-04-04
Posts: 93
Website

Re: FluxBB 1.5.10 released

Just upgradede https://kviksupport.dk from 1.5.9 to 1.5.10 with no problems smile

Last edited by Blueeyez (2016-06-17 17:37:27)

Offline

#14 2016-06-17 20:40:19

cyberman
Member
From: Germany
Registered: 2010-01-11
Posts: 289
Website

Re: FluxBB 1.5.10 released

Is there anything I should/can do for 1.4 series, or it's only 1.5 related?

Offline

#15 2016-06-18 04:23:08

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,099

Re: FluxBB 1.5.10 released

1.4 long dead.


My modification of FluxBB 1.5.10 - rev.75 * Parserus - BBCode parser
I speak only Russian  tongue

Offline

#16 2016-06-18 09:47:21

cyberman
Member
From: Germany
Registered: 2010-01-11
Posts: 289
Website

Re: FluxBB 1.5.10 released

Visman wrote:

1.4 long dead.

Have I missed the official statement for that?

Last security update comes out october 2014...

Offline

#17 2016-06-18 11:39:37

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,099

Re: FluxBB 1.5.10 released

last version 1.4.x -> 1.4.10 completed 2013-04-22.
3 years as a dead smile


My modification of FluxBB 1.5.10 - rev.75 * Parserus - BBCode parser
I speak only Russian  tongue

Offline

#18 2016-06-18 13:17:12

cyberman
Member
From: Germany
Registered: 2010-01-11
Posts: 289
Website

Re: FluxBB 1.5.10 released

1.4.x does what I want, has some (a lot) useful mods inside.

And there are some features inside 1.5 I dont want/need big_smile.

You know - never change a running system.

Offline

#19 2016-06-18 13:43:28

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,409
Website

Re: FluxBB 1.5.10 released

@cyberman: Just apply this commit, that fixes the vulnerability.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#20 2016-06-19 00:44:41

Gary
Moderator
From: Sydney, Australia
Registered: 2009-09-07
Posts: 211

Re: FluxBB 1.5.10 released

Well done Franz. So good to see another release.

Offline

#21 2016-06-20 12:03:12

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.10 released

Visman wrote:

last version 1.4.x -> 1.4.10 completed 2013-04-22.
3 years as a dead smile

1.4.13 is the latest release, and normally there should still be support for security related issues last time I checked.

Offline

#22 2016-06-20 12:23:06

Visman
Member
From: Siberia
Registered: 2010-07-10
Posts: 1,099

Re: FluxBB 1.5.10 released


My modification of FluxBB 1.5.10 - rev.75 * Parserus - BBCode parser
I speak only Russian  tongue

Offline

#23 2016-06-20 13:38:11

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,409
Website

Re: FluxBB 1.5.10 released

@Visman: It was announced here.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#24 2016-06-20 18:09:50

aceagenda
FluxBB Donor
Registered: 2014-11-30
Posts: 1

Re: FluxBB 1.5.10 released

Neat upgrade! Many thanks! smile

Offline

#25 2016-06-23 15:05:23

cyberman
Member
From: Germany
Registered: 2010-01-11
Posts: 289
Website

Re: FluxBB 1.5.10 released

Franz wrote:

@cyberman: Just apply this commit, that fixes the vulnerability.

Thx!!!

Offline

Board footer

Powered by FluxBB